Skip to main content


Formidable provides a Hash class that can be used to hash and compare strings. By default, Formidable uses bcrypt to hash passwords, but you can also use argon2.


The default hashing driver is bcrypt. You can change this by setting the driver option in your config/hashing.imba or config/hashing.ts config file.

Basic Usage

Hashing Passwords

You may hash a password with the make method of the Hash class:

import { DB } from '@formidablejs/framework'
import { Request } from '@formidablejs/framework'
import { Hash } from '@formidablejs/framework'
import { Controller } from './Controller'

export class PasswordController extends Controller {
async update(request: Request): Promise {
const password = await Hash.make(request.get('password'))

.where('id', request.auth().user!.id)
.update({ password })

Configuring The Hashing Driver

To configure a hashing driver, you can head over to the config/hashing.imba or config/hashing.ts config file.

Here, you can change bcrypt rounds or argon2 memory cost, parallelism, and time cost.

Verifying That A Password Matches A Hash

The check method provided by the Hash class allows you to verify that a given plain-text string corresponds to a given hash:

if (await Hash.check(request.get('password'), user.password)) {
// the passwords match